There are three software and security service subscriptions technology consultants should insist all commercial clients adopt: email filtering, email encryption, and intrusion detection services. All three are necessary for even the smallest of firms.
The evidence is compelling. As hackers and nation states increasingly value obtaining network persistence, access to valid email domains, and processing power, everyone’s network is at risk. According to a 2012 data breach investigation study quoted by the FBI agent presenting the 2013 Cyber Trends session, 97 percent of breaches were avoidable using “basic or intermediate controls,” 94 percent involved servers, and 85 percent took more than two weeks to discover. The scariest part? Some 92 percent of infections were not discovered by the victim but by a third party impacted by the victim’s breach.
The most popular current intrusion methods (the avenues by which hackers gain entrance to a network) are phishing emails, email attachments, and malicious links included within email messages. Malicious links are a growing threat as users become increasingly comfortable clicking shortened URLs.
You can leverage appliance- or service-based email filtering to help remove and sanitize messages and email contents. (Barracuda Networks is an example of appliance-based email filtering, and Postini is an example of service-based email filtering.) While there’s no guarantee offloading email filtering from an in-house email server to an appliance or service will prevent all infections, doing so most assuredly transfers the responsibility to a platform better designed for the purpose while also helping keep malicious content from entering the network in the first place (assuming an email filtering device is properly DMZ’ed).
Getting started is easy. You can purchase and configure high availability on a pair of Barracuda Networks appliances, rack them in a data center, and begin reselling the corresponding services with minimal effort or skip straight to reselling Postini services. The barrier to entry is low.
Third parties want clients’ data. You should turn on firewall logging (if you haven’t already) to capture the evidence.
Clients send massive amounts of data via email. Not all clients (medical providers included) understand the full ramifications of distributing sensitive, proprietary, or protected information through email. You must help lead education efforts so clients understand the need to encrypt sensitive email. Security gateway appliances, such as the Barracuda device mentioned above, can also scan email messages for sensitive information (e.g., social security numbers) and automatically encrypt messages as required.
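The scan-then-encrypt decision such a gateway makes, sketched as an added example (not Barracuda's or any vendor's code). The function names, the policy labels, and both sample messages are constructed for illustration.

```python
import re
from email import message_from_string

# 3-2-4 digits, optional dash/space separators, not part of a longer number.
SSN_RE = re.compile(r"(?<![\d-])(\d{3})[- ]?(\d{2})[- ]?(\d{4})(?![\d-])")

def is_plausible_ssn(area, group, serial):
    """Drop values the SSA never issues, to cut false positives."""
    if area in ("000", "666") or area.startswith("9"):
        return False
    return group != "00" and serial != "0000"

def find_ssns(text):
    """Return every plausible SSN-shaped string found in text."""
    return [m.group(0) for m in SSN_RE.finditer(text)
            if is_plausible_ssn(*m.groups())]

def text_parts(msg):
    """Yield the subject and the decoded content of each text/* part."""
    yield msg.get("Subject", "")
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        payload = part.get_payload(decode=True)
        if payload:
            charset = part.get_content_charset() or "utf-8"
            yield payload.decode(charset, errors="replace")

def outbound_policy(raw_message):
    """Hypothetical gateway policy: ('encrypt' | 'send', number of hits)."""
    msg = message_from_string(raw_message)
    hits = [s for text in text_parts(msg) for s in find_ssns(text)]
    return ("encrypt" if hits else "send"), len(hits)

# Constructed sample messages (not real data).
HEADERS = "From: clinic@example.com\nTo: billing@example.net\n"
SAMPLE_SENSITIVE = HEADERS + "Subject: Patient intake\n\nPatient SSN is 123-45-6789.\n"
SAMPLE_CLEAN = HEADERS + "Subject: Invoice\n\nCall 555-123-4567 about ref 900-12-3456.\n"

if __name__ == "__main__":
    for name, raw in (("sensitive", SAMPLE_SENSITIVE), ("clean", SAMPLE_CLEAN)):
        print(name, outbound_policy(raw))
```

A bare nine-digit run also matches this pattern, so account or order numbers can trigger it; tune the pattern against the client's own mail before relying on it.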
Service costs are minimal. The cost of encrypting sensitive information more than pays for itself by avoiding the expenses associated with an information breach. The challenge is in getting clients to understand the need to pay for such additional security.
Intrusion detection is a third critical element even small organisations should implement. Programmatic, robotic network attacks are becoming more sophisticated. Even small organisations require business-class routers that run intrusion detection services as a subscription, which can be done with Fortinet and SonicWALL security appliances.
Intrusion detection services enable routers to better respond to coordinated attacks. With intrusion detection properly configured on capable security appliances, the router can automatically suspend communication with offending WAN IP addresses. Not to be overlooked, intrusion detection services also typically extend the ability to capture and log much more information regarding attempted attacks. This data can prove critical when assessing risks and vulnerabilities and justifying the expense of intrusion detection subscription renewals.